Closed
Bug 457416
Opened 16 years ago
Closed 16 years ago
TM: Crash @ js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100) Line 401 + 0x3 bytes
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WORKSFORME
People
(Reporter: ilkkap, Unassigned)
Details
(Keywords: crash)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b1pre) Gecko/20080926033937 Minefield/3.1b1pre (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b1pre) Gecko/20080926033937 Minefield/3.1b1pre (.NET CLR 3.5.30729)
I enabled both jit options from about:config.
From there on, Minefield crashes just after login to facebook.
Reproducible: Always
Steps to Reproduce:
1. Enable both jit options
2. Login to facebook
3.
Actual Results:
Crash
Expected Results:
No crash
Call stack:
> js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100) Line 401 + 0x3 bytes C++
js3250.dll!nanojit::LirBufWriter::ensureReferenceable(nanojit::LIns * i=0x00000018, int addedDistance=3) Line 265 C++
js3250.dll!nanojit::LirBufWriter::insCall(unsigned int fid=46, nanojit::LIns * * args=0x0022eab0) Line 968 + 0x14 bytes C++
js3250.dll!nanojit::CseFilter::insCall(unsigned int fid=46, nanojit::LIns * * args=0x0022eab0) Line 1801 + 0xc bytes C++
js3250.dll!FuncFilter::insCall(unsigned int fid=44, nanojit::LIns * * args=0x0022eadc) Line 684 C++
js3250.dll!TraceRecorder::record_JSOP_GETELEM() Line 4638 C++
js3250.dll!js_Interpret(JSContext * cx=0x03e9c600) + 0x47956 bytes C++
js3250.dll!js_Invoke(JSContext * cx=0x03e9c600, unsigned int argc=1, long * vp=0x05cac314, unsigned int flags=0) Line 1324 + 0xa bytes C++
js3250.dll!js_fun_apply(JSContext * cx=0x03e9c600, unsigned int argc=1, long * vp=0x05cac2fc) Line 1732 C++
js3250.dll!js_Interpret(JSContext * cx=) Line 4986 C++
js3250.dll!js_LookupPropertyWithFlags(JSContext * cx=0x05c509e0, JSObject * obj=0x05c50260, long id=1, unsigned int flags=1, JSObject * * objp=0x00000016, JSProperty * * propp=0x05ce3464) Line 3395 C++
js3250.dll!6e23ec8f()
js3250.dll!6e23ecd7()
Updated•16 years ago
Assignee: nobody → general
Severity: major → critical
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: FF31b1pre - Crash @ js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100) Line 401 + 0x3 bytes → TM: Crash @ js3250.dll!nanojit::LirBufWriter::insFar(nanojit::LOpcode op=LIR_tramp, nanojit::LIns * target=0xb5884100) Line 401 + 0x3 bytes
Comment 2•16 years ago
I'm hitting this too http://crash-stats.mozilla.com/report/index/e374e642-8efa-11dd-a502-001a4bd43ed6?p=1.
URL: http://blog.mozilla.com/bhearsum/wp-admin/post-new.php (sorry, can't give out credentials.)
Build: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b1pre) Gecko/20080929020507 Minefield/3.1b1pre ID:20080929020507
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•16 years ago
I got this issue reported in my forum, supposedly it only happens when Adblock Plus is enabled (meaning that a JS content policy is installed). I could reproduce it in the current nightly: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080930093007 Minefield/3.1b1pre
URL: http://www.blogger.com/comment.g?blogID=19336675&postID=1727342678535742344
Crash: http://crash-stats.mozilla.com/report/index/f874b033-8f80-11dd-8fa1-001cc45a2c28
Comment 4•16 years ago
I think David is working on this. David, can you look at the stack traces and then dup this one?
After the latest nightly update it seems to be working for me. Guess this was a duplicate? No crashes... yet.
Indeed, I can't reproduce this. There was a crash bug related to the information in these crash reports, but it was fixed two days ago. If anyone else still gets this problem with the latest nightly please re-open or post back.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Updated•16 years ago
Resolution: FIXED → WORKSFORME